chore(deps): update dependency next to v16.0.7 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
next (source)	dependencies	patch	16.0.6 -> 16.0.7

GitHub Vulnerability Alerts

CVE-2025-66478

A vulnerability affects certain React packages¹ for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182.

Fixed in:
React: 19.0.1, 19.1.2, 19.2.1
Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7

The vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.

All users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.

¹ The affected React packages are:

• react-server-dom-parcel
• react-server-dom-turbopack
• react-server-dom-webpack

---

Release Notes

vercel/next.js (next)

v16.0.7

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Summary by cubic

Upgraded Next.js from 16.0.6 to 16.0.7 to fix CVE-2025-66478 affecting React Server DOM packages with the App Router. This applies the upstream security patch; no code changes needed.

• Dependencies
  • Refreshed platform-specific @next/swc binaries in bun.lock to match Next 16.0.7.

^{Written for commit f433f5d. Summary will update automatically on new commits.}

[cubic-dev-ai]

No issues found across 2 files